CVE-2017-3135

NameCVE-2017-3135
DescriptionUnder some conditions when using both DNS64 and RPZ to rewrite query responses, query processing can resume in an inconsistent state leading to either an INSIST assertion failure or an attempt to read through a NULL pointer. Affects BIND 9.8.8, 9.9.3-S1 -> 9.9.9-S7, 9.9.3 -> 9.9.9-P5, 9.9.10b1, 9.10.0 -> 9.10.4-P5, 9.10.5b1, 9.11.0 -> 9.11.0-P2, 9.11.1b1.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDLA-843-1, DSA-3795-1
NVD severitymedium
Debian Bugs855520

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
bind9 (PTS)stretch1:9.10.3.dfsg.P4-12.3+deb9u6fixed
stretch (security)1:9.10.3.dfsg.P4-12.3+deb9u8fixed
buster1:9.11.5.P4+dfsg-5.1+deb10u2fixed
buster (security)1:9.11.5.P4+dfsg-5.1+deb10u3fixed
bullseye, sid1:9.16.12-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
bind9sourcewheezy1:9.8.4.dfsg.P1-6+nmu2+deb7u15DLA-843-1
bind9sourcejessie1:9.9.5.dfsg-9+deb8u10DSA-3795-1
bind9source(unstable)1:9.10.3.dfsg.P4-12855520

Notes

https://kb.isc.org/article/AA-01453
Patch for 9.9.9-P6: ftp://ftp.isc.org/isc/bind9/9.9.9-P6/patches/rt44434

Search for package or bug name: Reporting problems